Cybersecurity Monthly Round Up

November has seen both ups and downs in the world of cybersecurity. The video gaming service Steam fell victim to a devastating hack, potentially exposing personal information and credit card details of 35 million users. In a similar attack, Norway’s oil, gas, and defence firms were targeted by hackers. Norway’s National Security Agency confirmed that the details of contract negotiations along with industrial secrets had been stolen. The NSM said it was the biggest attack of its kind Norway had experienced with 10 or more businesses affected.

A published report found that the UK consumer protection system is failing to keep up with the digital revolution, leaving people at risk of scams. As a result, online shoppers are at risk of email scams and fraud, says the Commons Public Accounts Committee. Online security experts also warned that a growing amount of malware is being disguised as seemingly innocent smartphone apps. The malware can send costly messages from the device without the owner being aware, experts warn.

Facebook hit the headlines more than once, first when researchers from the University of British Columbia managed to steal information from the social networking site using social bots. The researchers were able to befriend genuine Facebook users, and then steal personal details. The second piece of news from camp Facebook was more positive; the site announced that it is changing the way it amends users’ privacy settings. The news that Facebook will ask users to opt into any changes in the way it uses their personal information has been welcomed by privacy campaigners.

Continuing with more upbeat news, EU and US cybersecurity experts came together to stress-test their response to an online attack. Following a global rise in cybercrime and hacking attacks, Brussels played host to the European and US online security exercise this month. The event was the first time both had come together to role-play an emergency scenario. The beginning of November saw London play host to the London Conference on Cyberspace. The international conference gathered representatives from 60 nations to discuss how to tackle the increasing levels of cybercrime. The attendees included foreign secretary William Hague, EU Commissioner Neelie Kroes, a variety of leading cybersecurity experts and technology entrepreneurs such as Wikipedia founder Jimmy Wales, Cisco vice-president Brad Boston and Joanna Shields, a senior executive at Facebook.

Facebook to Seek Consent

Facebook has announced that it is changing the way it amends users’ privacy settings. The news that the social network site will ask users to opt into any changes in the way it uses their personal information has been welcomed by privacy campaigners. Facebook is yet to comment.

Whereas previously Facebook merely announced changes to a user’s settings without requesting permission, this change puts the user back in control. The change comes after an investigation by the US Federal Trade Commission, according to a report by the Wall Street Journal. It is also suggested in the report that the social networking site has agreed to privacy audits for the next 20 years by an independent organisation.

One point that has not been clarified by the FTC is exactly how a user’s consent will be obtained. Privacy International, a UK-based advocacy group, commented: “Facebook has historically been extremely resistant to transparency in its own operations, so we welcome measures that would force the company to obtain express consent of its users.

“However, it seems likely that the FTC’s demands will only present a temporary obstacle in the path of Facebook’s ambitions to collect its users’ information.

“Faced with reams of small print, most users are likely to automatically agree to policy changes, with each change bringing us one step closer to Zuckerberg’s vision of a privacy-free future.”

Facebook founder, Mark Zuckerberg, was questioned on US show Charlie Rose about the firm’s privacy policies earlier this week: “You have control over every single thing you’ve shared on Facebook,” he said, “You can take it down.” Mr Zuckerberg also claimed that other search engines and advertisers gathered a “huge amount of information” about internet users through cookies, which is “less transparent than what is happening at Facebook”.

Online security and cybercrime expert, Tero Pollanen, commented: “Privacy policies and security settings are a hot topic at the moment. Statistics have shown a rise in the amount of personal information found on the internet, and a rise in online scams and identity theft. People need to be more aware of online risks and know how to protect themselves. My blog, www.tero-pollanen.blogspot.com, has tips for staying safe online, news about current scams and security essentials.”

As to the reason for the FTC’s intervention, it is reportedly being linked to the campaign group Electronic Privacy Information Center (EPIC). The group filed a complaint 2 years ago with the commission, claiming that the changes in privacy settings “violate user expectations, diminish user privacy and contradict Facebook’s own representations”. EPIC also noted that Facebook users, security experts, and others had raised concerns about the change. A year later, EPIC filed a follow-up complaint claiming the social network had violated consumer protection law.

Facebook’s performance is staggering: according to the site it has over 800 million members who have used the site at least once in the past 30 days. In addition to this, the Reuters news agency reported that the site’s revenues for the first six months of this year alone totalled £1bn, thanks to advertising. Andrew Charlesworth, director of the centre for IT and law at the University of Bristol, points out: “Users are not social networking sites’ primary customers, advertisers and marketers are.”

“While the FTC settlement indicates sites must be more open about the ways they make personal data available, and provide users with greater control, Facebook and others will already be rethinking the techniques they use to persuade users to keep their personal data publicly accessible.”